---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: capcd-controller-manager
  namespace:  d8-cloud-provider-vcd
  {{- include "helm_lib_module_labels" (list . (dict "app" "capcd-controller-manager")) | nindent 2 }}

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: d8:cloud-provider-vcd:capcd-controller-manager
  {{- include "helm_lib_module_labels" (list . (dict "app" "capcd-controller-manager")) | nindent 2 }}
rules:
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - addons.cluster.x-k8s.io
    resources:
      - clusterresourcesetbindings
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - bootstrap.cluster.x-k8s.io
    resources:
      - kubeadmconfigtemplates
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - cluster.x-k8s.io
    resources:
      - clusters
      - clusters/status
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - cluster.x-k8s.io
    resources:
      - machinedeployments
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - cluster.x-k8s.io
    resources:
      - machines
      - machines/status
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - controlplane.cluster.x-k8s.io
    resources:
      - kubeadmcontrolplanes
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdclusters
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdclusters/finalizers
    verbs:
      - update
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdclusters/status
    verbs:
      - get
      - patch
      - update
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdmachines
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdmachines/finalizers
    verbs:
      - update
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdmachines/status
    verbs:
      - get
      - patch
      - update
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdmachinetemplates
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdclusters
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdclusters/status
    verbs:
      - get
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdclusters
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdclusters/status
    verbs:
      - get
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdclustertemplates
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdclustertemplates/status
    verbs:
      - get

  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdmachines
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdmachines/status
    verbs:
      - get
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdmachines
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdmachines/status
    verbs:
      - get
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdmachinetemplates
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdmachinetemplates/status
    verbs:
      - get
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdmachinetemplates
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - infrastructure.cluster.x-k8s.io
    resources:
      - vcdmachinetemplates/status
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: d8:cloud-provider-vcd:capcd-controller-manager-binding
  {{- include "helm_lib_module_labels" (list . (dict "app" "capcd-controller-manager")) | nindent 2 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: d8:cloud-provider-vcd:capcd-controller-manager
subjects:
- kind: ServiceAccount
  name: capcd-controller-manager
  namespace:  d8-cloud-provider-vcd

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: capcd-controller-manager-leader-election
  namespace:  d8-cloud-provider-vcd
  {{- include "helm_lib_module_labels" (list . (dict "app" "capcd-controller-manager")) | nindent 2 }}
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch


---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: capcd-controller-manager-leader-election-role-binding
  namespace:  d8-cloud-provider-vcd
  {{- include "helm_lib_module_labels" (list . (dict "app" "capcd-controller-manager")) | nindent 2 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: capcd-controller-manager-leader-election
subjects:
- kind: ServiceAccount
  name: capcd-controller-manager
  namespace:  d8-cloud-provider-vcd
